You have probably all heard of Occam’s Razor, a theory that was attributed to William of Okham centuries ago that the conventional use is associated with the adage “given two solutions, the simplest solution is probably the best.” Well, after some research, it turns out that this is just one of many interpretations of this theory, others being that an “entity should not be multiplied beyond its necessity” as well as others (see the wikipedia entry on Occam’s as well as read Charles Mackay’s Extraordinary Popular Delusions and Madness of Crowds by Tim Phillips). The reason I write today about this used (and somewhat overused) theory is something that can be useful with computer security in your company.
After working in several federal government agencies, I found two different security methods. The first one was “keep it secure at some point, but otherwise keep it open” while the other one was “keep it secure until otherwise needed.” These two competing forms of information security had their advantages and disadvantages, but I found one thing in common – keep it simple. For instance, the email address. In order to ensure consistency, most email addresses contained something that was pretty easy to remember for the user – the first name and the last name. The problem with having this as a standard is that all an amateur hacker needs to get into someones email is the user name since that gives them the ability to attach a text file with malware and they are in the company. I could give you some advice on this, but that could make me a black hat, so I will not do that here. However, instead, let me give you some advice on email names.
First, do NOT base your email name on your first and last names! I cannot count the times that I see this, even with friends that are computer security specialists.
Second, do NOT put a date in that email address! Any date has to be based on something and someone will figure it out – period. If someone wants to get to your personal information, why make it easy for them? If you must put a number in your email address, make it something that means nothing to you personally (like the number for pi – 314 – or something similar).
Third, do NOT use your middle name if you have a choice. Again, the middle name can mean something more than just your middle name. It could be your mother’s maiden name and you never want to give that out.
Treat your email address as you would any other piece of personal information. Make the information displayed as hidden as possible. Don’t worry. Those people that you know will probably know when your birthday or anniversary is, so they will remember.
Just a quick bit of tips from the people at GRECTECH (www.grectech.com).